SSL flaw?

The SSL implementation only seems to verify the validity of a certificate, but does not match the CN in the certificate to the site name.

Example:
If I create a bogus CA, and with it certify a well known site (e.g. ftp.xxxxxxxx.com) and then make a phishing site (ftp.xxxxyxxx.com), SmartFTP will not complain that the site does not match the certificate.

Pjo

Yep that's true. The CN is not validated against the hostname.

Regards,
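The check the thread describes as missing, written out as an added example (not part of either post and not SmartFTP's code): after the chain validates, the client compares the hostname the user asked for against the names in the certificate. It goes slightly beyond the CN mentioned above by preferring subjectAltName DNS entries and handling wildcards; the hostnames and certificate dicts are constructed, shaped like the output of Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: hostname verification a TLS client runs after chain validation.
# Certificate dicts mirror the shape returned by ssl.SSLSocket.getpeercert().


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against the hostname the user asked for."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only as the whole leftmost label, covers exactly
    # one label, and needs two labels after it (so "*.com" never matches).
    if p_labels[0] == "*":
        if len(p_labels) < 3:
            return False
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_names(cert: dict) -> list:
    """Names to check: SAN dNSName entries, or the CN only if there are none."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def hostname_ok(cert: dict, hostname: str) -> bool:
    """True only if some name in the certificate matches the requested host."""
    return any(dns_name_matches(n, hostname) for n in cert_names(cert))


# Constructed samples: a certificate for the genuine site, a wildcard
# certificate, and one whose SAN and CN disagree.
GENUINE_CERT = {
    "subject": ((("commonName", "ftp.example.com"),),),
    "subjectAltName": (("DNS", "ftp.example.com"),),
}
WILDCARD_CERT = {"subject": ((("commonName", "*.example.com"),),)}
SAN_WINS_CERT = {
    "subject": ((("commonName", "ftp.example.com"),),),
    "subjectAltName": (("DNS", "other.example.com"),),
}

if __name__ == "__main__":
    # The look-alike host presents a valid chain but the wrong name.
    for host in ("ftp.example.com", "ftp.examp1e.com"):
        verdict = "accept" if hostname_ok(GENUINE_CERT, host) else "REJECT"
        print(f"{host}: {verdict}")
```

In Python's own `ssl` module this comparison is done for you when the socket is created from `ssl.create_default_context()` with `server_hostname` set.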